Session Details

ZAPping Security Vulnerabilities in Your Development Pipeline

When your application has a security vulnerability, will you or an attacker find it first? Reviewing code and tracking down hidden flaws can be tedious and difficult. Let the free and open source OWASP Zed Attack Proxy (ZAP) help. This session walks through four ways to use ZAP: the UI, the command line, scripts, and an automated development pipeline. You will learn how to attack a live application in all four ways, how to target specific areas of your application for heavier scrutiny, how to test for specific vulnerabilities, and how to incorporate ZAP into your development pipeline to automate the whole process, including regression testing and report generation, so that vulnerabilities are discovered the moment they are introduced.